Journal of Computer Applications, 2011, Vol. 31, Issue (11): 2975-2978. DOI: 10.3724/SP.J.1087.2011.02975
• Information security •
LUO Wen-hua
Contact: LUO Wen-hua (罗文华)
Abstract: Reverse analysis is the most common method for analyzing malware. It is an advanced and efficient approach that exposes the intent and behavior of malware. This paper presents the general patterns ascertained by reverse analysis with respect to the start function, function parameter transfer, data structures, control statements and the Windows API. A case study of malware used to obtain account information, login names and passwords for the popular Chinese social networking program "QQ" is presented to illustrate how reverse analysis quickly and accurately locates the key information used to determine general patterns.
Key words: reverse technology, start function, parameter transfer, data structure, control statement, Windows API
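Abstract (translated from the Chinese): Reverse analysis is one of the common methods of malware analysis, and in revealing the intent and behavior of malware it plays a role that other methods cannot match. This paper summarizes the general patterns of disassembled malware code with respect to the start function, function parameter passing, data structures, control statements and the Windows API, and uses a real case in which malware was used to steal QQ account names and passwords to explain concrete methods for locating key information quickly and accurately.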
LUO Wen-hua. Malware analysis method based on reverse technology[J]. Journal of Computer Applications, 2011, 31(11): 2975-2978.
URL: https://www.joca.cn/EN/10.3724/SP.J.1087.2011.02975
https://www.joca.cn/EN/Y2011/V31/I11/2975